This file is indexed.

/usr/share/opendnssec/kasp.xml is in opendnssec-common 1:2.1.3-0.2build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<?xml version="1.0" encoding="UTF-8"?>

<!--
  
  NOTE:  The default policy below is a TEMPLATE ONLY and should be reviewed
         before used in any production environment. The administrator should
         consult the OpenDNSSEC documentation before changing any parameters.
         
         If you can read this message, it is likely that this file has not
         been reviewed nor updated.

  -->

<KASP>

	<Policy name="default">
		<Description>A default policy that will amaze you and your friends</Description>
		<Signatures>
			<Resign>PT2H</Resign>
			<Refresh>P3D</Refresh>
			<Validity>
				<Default>P14D</Default>
				<Denial>P14D</Denial>
			</Validity>
			<Jitter>PT12H</Jitter>
			<InceptionOffset>PT3600S</InceptionOffset>
			<MaxZoneTTL>P1D</MaxZoneTTL>
		</Signatures>

		<Denial>
			<NSEC3>
				<!-- <TTL>PT0S</TTL> -->
				<!-- <OptOut/> -->
				<Resalt>P100D</Resalt>
				<Hash>
					<Algorithm>1</Algorithm>
					<Iterations>5</Iterations>
					<Salt length="8"/>
				</Hash>
			</NSEC3>
		</Denial>

		<Keys>
			<!-- Parameters for both KSK and ZSK -->
			<TTL>PT3600S</TTL>
			<RetireSafety>PT3600S</RetireSafety>
			<PublishSafety>PT3600S</PublishSafety>
			<!-- <ShareKeys/> -->
			<Purge>P14D</Purge>

			<!-- Parameters for KSK only -->
			<KSK>
				<Algorithm length="2048">8</Algorithm>
				<Lifetime>P1Y</Lifetime>
				<Repository>SoftHSM</Repository>
			</KSK>

			<!-- Parameters for ZSK only -->
			<ZSK>
				<Algorithm length="1024">8</Algorithm>
				<Lifetime>P90D</Lifetime>
				<Repository>SoftHSM</Repository>
				<!-- <ManualRollover/> -->
			</ZSK>
		</Keys>

		<Zone>
			<PropagationDelay>PT43200S</PropagationDelay>
			<SOA>
				<TTL>PT3600S</TTL>
				<Minimum>PT3600S</Minimum>
				<Serial>unixtime</Serial>
			</SOA>
		</Zone>

		<Parent>
			<PropagationDelay>PT9999S</PropagationDelay>
			<DS>
				<TTL>PT3600S</TTL>
			</DS>
			<SOA>
				<TTL>PT172800S</TTL>
				<Minimum>PT10800S</Minimum>
			</SOA>
		</Parent>

	</Policy>

	<Policy name="lab">
		<Description>Quick turnaround policy for lab work</Description>
		<Signatures>
			<Resign>PT10M</Resign>
			<Refresh>PT30M</Refresh>
			<Validity>
				<Default>PT1H</Default>
				<Denial>PT1H</Denial>
			</Validity>
			<Jitter>PT1M</Jitter>
			<InceptionOffset>PT3600S</InceptionOffset>
			<MaxZoneTTL>PT300S</MaxZoneTTL>
		</Signatures>

		<Denial>
			<NSEC/>
		</Denial>

		<Keys>
			<!-- Parameters for both KSK and ZSK -->
			<TTL>PT300S</TTL>
			<RetireSafety>PT360S</RetireSafety>
			<PublishSafety>PT360S</PublishSafety>
			<!-- <ShareKeys/> -->
			<Purge>P14D</Purge>

			<!-- Parameters for KSK only -->
			<KSK>
				<Algorithm length="2048">8</Algorithm>
				<Lifetime>P1Y</Lifetime>
				<Repository>SoftHSM</Repository>
			</KSK>

			<!-- Parameters for ZSK only -->
			<ZSK>
				<Algorithm length="1024">8</Algorithm>
				<Lifetime>PT4H</Lifetime>
				<Repository>SoftHSM</Repository>
				<!-- <ManualRollover/> -->
			</ZSK>
		</Keys>

		<Zone>
			<PropagationDelay>PT300S</PropagationDelay>
			<SOA>
				<TTL>PT300S</TTL>
				<Minimum>PT300S</Minimum>
				<Serial>unixtime</Serial>
			</SOA>
		</Zone>

		<Parent>
			<PropagationDelay>PT9999S</PropagationDelay>
			<DS>
				<TTL>PT3600S</TTL>
			</DS>
			<SOA>
				<TTL>PT172800S</TTL>
				<Minimum>PT10800S</Minimum>
			</SOA>
		</Parent>

	</Policy>	
</KASP>